30th April 2009, 10:35 AM #1
Blocking ports like french fishermen
We have recently implemented a network access solution so that students can access the wireless network and get filtered internet access. Currently we use Inty as our filter and firewall.
Before we give the students the information to access this we want to make sure they can't use up bandwidth playing multiplayer games (e.g. call of duty) or worse use the college internet connection to download copyrighted material.
Ideally we would like to block all ports except for those needed (e.g.: 80, 25, etc)
Has anyone implemented a similar blocking policy? If so what ports have you white listed?
P.S. The way our network is set up, the policy would have to be college-wide; it's not possible to isolate the wireless devices and apply a different policy.
30th April 2009, 11:11 AM #2
Just a thought - wouldn't it be better to block 25 site-wide and then have a whitelist allow only for your mailservers/relays?
Same with 80/443/21 and an in-house proxy server?
Or can you not use rules on a per-ip/vlan level at all?
30th April 2009, 11:13 AM #3
D'oh and here was me reading the title of this thread and thinking we were all going to go around agitating and smoking Gitanes and muttering sacre bleu!
30th April 2009, 11:48 AM #4
We run with no ports open here for "general population" - all outbound access is proxied. This is a good way to start. I would always suggest you spend an hour or two on implications if you are opening a port out, and probably sleep on it if someone asks for a port in!
Thanks to tom_newton from:
30th April 2009, 11:56 PM #5
One problem I could see is a website that might use other ports than 80 or 443
11th May 2009, 04:50 PM #6
Definitely proxy only in my book. It might be worth considering getting a content filter too, as it's very easy to access sites using google/wayback machine cache...
11th May 2009, 05:31 PM #7
Yeah, but there really are not many that do that. You only have 8080/80 and 443 to worry about, as without the server being on 80 the URL won't work without a port specified.
Originally Posted by FN-GM
For the odd sites you can always make a rule if possible saying if xsite.com allow port 90 etc.
BTW love the title lol
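Added example, not part of any post in the thread: a small Python model of the layout the replies describe, with default-deny egress at the firewall, port 25 only from the mail relay, web ports only from the proxy, and a per-site exception for an odd port at the proxy. All IP addresses, hostnames other than xsite.com, and function names are assumptions made up for the illustration.

```python
import ipaddress

# Constructed addresses and hosts (assumptions, not from the thread).
PROXY_IP = "10.0.0.10"
MAIL_RELAY_IP = "10.0.0.25"

# Proxy policy: default web ports plus per-site exceptions for odd ports.
PROXY_DEFAULT_PORTS = {21, 80, 443, 8080}
SITE_PORT_EXCEPTIONS = {"xsite.com": {90}}

# Firewall egress whitelist: source network -> permitted destination ports.
# The firewall sees ports, not hostnames, so the proxy's entry must include
# every exception port. Any source or port not listed is dropped.
EGRESS_RULES = {
    ipaddress.ip_network(MAIL_RELAY_IP + "/32"): {25},
    ipaddress.ip_network(PROXY_IP + "/32"):
        PROXY_DEFAULT_PORTS.union(*SITE_PORT_EXCEPTIONS.values()),
}

def firewall_allows(src_ip, dst_port):
    src = ipaddress.ip_address(src_ip)
    return any(src in net and dst_port in ports
               for net, ports in EGRESS_RULES.items())

def proxy_allows(host, port):
    extra = SITE_PORT_EXCEPTIONS.get(host.lower(), set())
    return port in PROXY_DEFAULT_PORTS or port in extra

def decide(client_ip, host, port, via_proxy):
    """Return 'allow' or a 'deny: <layer>' string for one outbound TCP flow."""
    if via_proxy:
        if not proxy_allows(host, port):
            return "deny: proxy"
        client_ip = PROXY_IP  # the firewall sees the proxy as the source
    return "allow" if firewall_allows(client_ip, port) else "deny: firewall"

# Constructed sample flows: (client, host, port, via_proxy)
FLOWS = [
    ("10.1.5.20", "example.org", 443, True),
    ("10.1.5.20", "xsite.com", 90, True),
    ("10.1.5.20", "other.example", 90, True),
    ("10.1.5.20", "game.example", 28960, False),
    ("10.1.5.20", "mail.example", 25, False),
    (MAIL_RELAY_IP, "mail.example", 25, False),
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, "->", decide(*flow))
```

Because the firewall rule for the proxy is per-port, the port 90 exception is only host-specific as long as the proxy enforces it; the firewall alone would let the proxy reach any host on that port.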